US11496901B2 - Radio communication apparatus, wireless LAN router, unauthorized access prevention method, and radio communication system - Google Patents

Radio communication apparatus, wireless LAN router, unauthorized access prevention method, and radio communication system Download PDF

Info

Publication number
US11496901B2
US11496901B2 US16/971,428 US201816971428A US11496901B2 US 11496901 B2 US11496901 B2 US 11496901B2 US 201816971428 A US201816971428 A US 201816971428A US 11496901 B2 US11496901 B2 US 11496901B2
Authority
US
United States
Prior art keywords
radio communication
radio
external terminal
communicator
communication apparatus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US16/971,428
Other versions
US20200389794A1 (en
Inventor
Hiroshi Nishikawa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Platforms Ltd
Original Assignee
NEC Platforms Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Platforms Ltd filed Critical NEC Platforms Ltd
Assigned to NEC PLATFORMS LTD., reassignment NEC PLATFORMS LTD., ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NISHIKAWA, HIROSHI
Publication of US20200389794A1 publication Critical patent/US20200389794A1/en
Application granted granted Critical
Publication of US11496901B2 publication Critical patent/US11496901B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08Access point devices

Definitions

  • the present invention relates to a radio communication apparatus, a wireless LAN router, an unauthorized access prevention method, and a radio communication system.
  • Patent Literature 1 discloses a configuration in which a firewall device transfers a packet to a decoy device based on a distribution condition.
  • Patent Literature 2 discloses a configuration in which communication information of an authorized access point is concealed by providing a plurality of access points each of which repeatedly transmits false communication information destined for itself in addition to the authorized access point.
  • Patent Literature 1 Japanese Patent No. 3794491
  • Patent Literature 2 Japanese Patent No. 5708183
  • the present disclosure has been made in view of the aforementioned problem and an example object thereof is to provide a radio communication apparatus, a wireless LAN router, an unauthorized access prevention method, and a radio communication system that have security for protection against unauthorized access.
  • a radio communication apparatus includes: first radio communication means for functioning as an access point for radio communication; second radio communication means for functioning as an access point for radio communication; and storage means for storing dummy information, in which the first radio communication means has a security level higher than that of the second radio communication means, and the second radio communication means is capable of transmitting the dummy information stored in the storage means.
  • a wireless LAN router includes: first radio communication means for functioning as an access point for radio communication; second radio communication means for functioning as an access point for radio communication; and storage means for storing dummy information, in which the first radio communication means has a security level higher than that of the second radio communication means, and the second radio communication means includes a radio communication apparatus capable of transmitting the dummy information stored in the storage means.
  • An unauthorized access prevention method is an unauthorized access prevention method for executing control for preventing unauthorized access to a first radio access point, the unauthorized access prevention method including: detecting a connection from an external terminal to a second radio access point that is set to a security level lower than that of the first radio access point; and transmitting dummy information to the external terminal when the connection from the external terminal to the second radio access point is detected.
  • a radio communication system includes a first radio communication apparatus, and a second radio communication apparatus configured to prevent unauthorized access to the first radio communication apparatus, in which each of the first and the second radio communication apparatuses has a function as an access point for radio communication, the first radio communication apparatus has a higher security level than that of the second radio communication apparatus, and the second radio communication apparatus is capable of transmitting dummy information.
  • a radio communication apparatus a wireless LAN router, a radio communication method, and a radio communication system that have security for protection against unauthorized access.
  • FIG. 1 is a block diagram showing a radio communication apparatus according to a first example embodiment
  • FIG. 2 is a block diagram showing a radio communication apparatus according to a second example embodiment
  • FIG. 3 is a sequence diagram showing an operation flow of the radio communication apparatus according to the second example embodiment
  • FIG. 4 is a sequence diagram showing an operation flow of a radio communication apparatus according to a third example embodiment.
  • FIG. 5 is a block diagram showing a radio communication apparatus according to a fourth example embodiment.
  • each of the example embodiments described below can be used individually, or two or more of the example embodiments may be appropriately combined with one another. These example embodiments include novel features different from one another. Accordingly, these example embodiments contribute to attaining objects or solving problems different from one another, and thus contribute to providing advantages different from one another.
  • FIG. 1 is a block diagram showing a radio communication apparatus 1 according to the first example embodiment.
  • the radio communication apparatus 1 includes a first radio communication unit 10 , a second radio communication unit 20 , and a storage unit 21 .
  • the first radio communication unit 10 is first radio communication means for functioning as an access point for radio communication.
  • the second radio communication unit 20 is second radio communication means for functioning as an access point for radio communication.
  • the first radio communication unit 10 has a higher security level than that of the second radio communication unit 20 .
  • the storage unit 21 is storage means for storing dummy information.
  • the second radio communication unit 20 is connected to the storage unit 21 and can transmit the dummy information stored in the storage unit 21 .
  • the dummy information is data that is not confidential or informative and that may be acquired by a third party through unauthorized access.
  • the external terminal attempting unauthorized access attempts to connect to either of the first and the second radio communication units 10 and 20 .
  • the external terminal attempting unauthorized access cannot easily connect to the first radio communication unit 10 .
  • the external terminal attempting unauthorized access can relatively easily connect to the second radio communication unit 20 of which the security level is relatively lower than that of the first radio communication unit 10 . Accordingly, in the above-described configuration, it is possible to guide the external terminal attempting unauthorized access to connect to the second radio communication unit 20 . That is, it is possible to prevent unauthorized access to the first radio communication unit 10 .
  • the second radio communication unit 20 can transmit dummy information stored in the storage unit 21 , the external terminal connected to the second radio communication unit 20 can acquire the dummy information.
  • the dummy information is data which may be acquired by a third party, so that the unauthorized access causes no damage.
  • the radio communication apparatus 1 has security for protecting communication information from unauthorized access.
  • FIG. 2 is a block diagram showing a radio communication apparatus 2 according to this example embodiment.
  • the radio communication apparatus 2 includes the first radio communication unit 10 , the second radio communication unit 20 , a dummy server 25 , a router 30 , and a warning unit 40 .
  • the dummy server 25 includes the storage unit 21 and a detection unit 22 .
  • the radio communication apparatus 2 is, for example, a wireless LAN router.
  • a first external terminal 100 shown in FIG. 2 is an external terminal that is allowed to access the radio communication apparatus 2 .
  • a second external terminal 200 is an external terminal that is not allowed to access the radio communication apparatus 2 .
  • a third external terminal 300 is an external terminal used by an administrator of the radio communication apparatus 2 .
  • the third external terminal 300 is connected by a wire to the radio communication apparatus 2 .
  • the third external terminal 300 has authority to instruct the radio communication apparatus 2 to perform operations such as a shutdown.
  • first, the second, the third external terminals 100 , 200 , and 300 are communication terminals such as computers and smartphones. Further, the third external terminal 300 may be wirelessly connected to the radio communication apparatus 2 .
  • a server 400 stores information to be protected from unauthorized access.
  • the server 400 is a storage device including, for example, a nonvolatile memory.
  • the server 400 is connected by a wire to the radio communication apparatus 2 .
  • the first external terminal 100 can acquire information stored in the server 400 via the first radio communication unit 10 .
  • server 400 may be wirelessly connected to the radio communication apparatus 2 .
  • Each of the first and the second radio communication units 10 and 20 can be used as, for example, an access point of a wireless LAN conforming to the IEEE 802.11 standard.
  • the first and the second radio communication units 10 and 20 include Service Set IDentifiers (SSIDs) different from each other.
  • SSIDs Service Set IDentifiers
  • the second radio communication unit 20 may include a plurality of SSIDs.
  • the first radio communication unit 10 has a higher security level than that of the second radio communication unit 20 .
  • the first radio communication unit 10 can be configured to have the security standard of Wi-Fi Protected Access 2 (WPA2), and the second radio communication unit 20 can be configured to have the security standard of WPA or Wired Equivalent Privacy (WEP).
  • WPA2 Wi-Fi Protected Access 2
  • WEP Wired Equivalent Privacy
  • the first radio communication unit 10 performs authentication using an SSID and a password and is connected to the first external terminal 100 .
  • the dummy server 25 is a server including the storage unit 21 and the detection unit 22 .
  • the dummy server 25 is connected to the second radio communication unit 20 , the router 30 , and the warning unit 40 . That is, the storage unit 21 and the detection unit 22 housed in the dummy server 25 are configured so that they can connect to the second radio communication unit 20 , the router 30 , and the warning unit 40 .
  • the storage unit 21 is storage means for storing dummy information.
  • the dummy information refers to data that is not confidential or informative and that may be acquired by a third party through an unauthorized access attack.
  • the dummy information can be false information having a format similar to that of information to be protected in the server 400 , such as random personal information or fictitious experimental data.
  • the dummy information may be data stored in the storage unit 21 in advance or data acquired from the third external terminal 300 or other networks.
  • the detection unit 22 is detection means for detecting a connection from an external terminal to the second radio communication unit 20 .
  • the detection unit 22 outputs a detection signal when it detects the connection from the external terminal to the second radio communication unit 20 .
  • the router 30 is a router that performs relaying among the first radio communication unit 10 , the dummy server 25 , the third external terminal 300 , and the server 400 .
  • the router 30 may be further connected to an external communication apparatus or a network other than the third external terminal 300 and the server 400 .
  • the warning unit 40 is warning means for outputting a warning signal when a detection signal is acquired.
  • the warning signal is output to warning output means (not shown) included in the radio communication apparatus 2 or an external device (not shown) outside the radio communication apparatus 2 .
  • the above warning output means and external device output warnings in the form of, for example, light and sound.
  • the second external terminal 200 tries to connect to either of the first and the second radio communication units 10 and 20 in order to obtain information stored in the server 400 .
  • the second external terminal 200 acquires the SSID of each of the first and the second radio communication units 10 and 20 , selects one of the SSIDs, and attempts to perform the connection.
  • the first radio communication unit 10 has a higher security level than that of the second radio communication unit 20
  • the second external terminal 200 cannot easily connect to the first radio communication unit 10 .
  • the second external terminal 200 can relatively easily connect to the second radio communication unit 20 of which the security level is relatively lower than that of the first radio communication unit 10 . Accordingly, in above-described configuration, it is possible to guide the second external terminal 200 to connect to the second radio communication unit 20 . That is, it is possible to prevent unauthorized access to information stored in the server 400 .
  • the second external terminal 200 can acquire the plurality of SSIDs possessed by the second radio communication unit 20 . That is, a plurality of connection destinations other than the first radio communication unit 10 can be presented to the second external terminal 200 . Accordingly, it is possible to lower the probability that the second external terminal 200 selects the first radio communication unit 10 as a connection destination.
  • FIG. 3 is a sequence diagram showing an operation flow of the radio communication apparatus 2 .
  • Step S 101 the detection unit 22 monitors an access log of the second radio communication unit 20 and determines whether an external terminal is connected to the second radio communication unit 20 .
  • Step S 102 it is assumed that the second external terminal 200 is connected to the second radio communication unit 20 .
  • the detection unit 22 detects that the second external terminal 200 is connected to the second radio communication unit 20 .
  • Step S 104 the detection unit 22 outputs detection signals to the first and the second radio communication units 10 and 20 , the warning unit 40 , and the third external terminal 300 .
  • Step S 105 when the second radio communication unit 20 acquires the detection signal, it transmits dummy information to the second external terminal 200 .
  • the second external terminal 200 acquires the dummy information from the second radio communication unit 20 .
  • it is difficult for the second external terminal 200 to instantaneously determine whether the dummy information is false information it is possible to let the second external terminal 200 continue to connect to the second radio communication unit 20 . That is, it is possible to prevent the second external terminal 200 from switching the connection destination to the first radio communication unit 10 . Accordingly, an administrator of the radio communication apparatus 2 can take security measures against the unauthorized access from the second external terminal 200 by using the period until the second external terminal 200 notices that the dummy information is false information.
  • Step S 106 the first radio communication unit 10 restricts a connection from the second external terminal 200 , which is connected to the second radio communication unit 20 , to the first radio communication unit 10 .
  • the first radio communication unit 10 prohibits connections from all the external terminals other than the first external terminal 100 and the third external terminal 300 . By doing so, it is possible to prevent unauthorized access from the second external terminal 200 to the information stored in the server 400 .
  • Step S 107 the warning unit 40 outputs a warning signal when it acquires the detection signal.
  • the radio communication apparatus 2 or an external device (not shown) outputs a warning in such a manner that it can be recognized by a user.
  • Step S 104 an administrator of the radio communication apparatus 2 can recognize that there has been a connection from the external terminal to the second radio communication unit 20 by the detection signal acquired by the third external terminal 300 . Accordingly, in Step S 108 , an administrator of the radio communication apparatus 2 can take security measures such as a shutdown of the radio communication apparatus 2 .
  • Steps S 105 to S 108 may be performed in any order or may be performed simultaneously.
  • the first radio communication unit 10 may prohibit connections from all the external terminals other than the third external terminal 300 . That is, the first radio communication unit 10 may prohibit the connection from the first external terminal 100 . By doing so, it is possible to prevent an unauthorized user from making unauthorized access by using the first external terminal 100 for an evil purpose.
  • the configuration of the radio communication apparatus in this example embodiment is the same as that in the second example embodiment (see FIG. 2 ). However, this example embodiment differs from the second embodiment in that the detection unit 22 according to this example embodiment has a function of detecting identification information of an external terminal connected to the second radio communication unit 20 .
  • the identification information is information such as a Media Access Control (MAC) address and an Internet Protocol (IP) address by which communication terminals can be identified.
  • MAC Media Access Control
  • IP Internet Protocol
  • FIG. 4 is a sequence diagram showing an operation flow of the radio communication apparatus according to this example embodiment.
  • the operation flow of the radio communication apparatus includes Steps S 203 to S 208 after Step S 104 . Note that in FIG. 4 , Steps S 101 to S 103 are omitted.
  • Step S 203 after Step S 104 the detection unit 22 according to this example embodiment analyzes the access log of the second radio communication unit 20 and detects identification information of the second external terminal 200 connected to the second radio communication unit 20 .
  • Step S 204 the detection unit 22 outputs a detection signal including the identification information of the second external terminal 200 to the first and the second radio communication units 10 and 20 and the third external terminal 300 .
  • Step S 205 the second radio communication unit 20 restricts a connection from the external terminal having the identification information included in the acquired detection signal to the second radio communication unit 20 .
  • the second radio communication unit 20 prohibits a connection from the external terminal corresponding to the acquired identification information. By doing so, it is possible to prevent damage from an unauthorized access attack to the second radio communication unit 20 .
  • the first radio communication unit 10 restricts a connection from the external terminal having the identification information included in the acquired detection signal to the first radio communication unit 10 .
  • the first radio communication unit 10 prohibits a connection from the external terminal corresponding to the acquired identification information. By doing so, it is possible to prevent unauthorized access from the second external terminal 200 to the first radio communication unit 10 .
  • Step S 206 when the first radio communication unit 10 determines that the identification information included in the acquired detection signal is identification information of the terminal of an authorized user, the first radio communication unit 10 may allow the terminal of the authorized user to connect to the first radio communication unit 10 .
  • the first radio communication unit 10 may determine whether the acquired identification information is identification information of the terminal of an authorized user by checking it against a predetermined authorization list. In this case, it is possible to prevent a connection from an authorized user to the first radio communication unit 10 from being wrongly restricted.
  • Step S 204 an administrator of the radio communication apparatus 2 can recognize the identification information of the terminal connected to the second radio communication unit 20 by the detection signal acquired by the third external terminal 300 . Accordingly, in Step S 208 , the administrator of the radio communication apparatus 2 can take measures such as reporting of the second external terminal 200 based on the identification information.
  • Steps S 106 and S 108 may be omitted.
  • Steps S 205 to S 208 may be performed in any order or may be performed simultaneously.
  • FIG. 5 is a block diagram showing a radio communication apparatus 3 according to the fourth example embodiment.
  • the radio communication apparatus 3 includes the first radio communication unit 10 , the second radio communication unit 20 , and the storage unit 21 .
  • another radio communication apparatus 500 shown in FIG. 5 is a radio communication apparatus different from the radio communication apparatus 3 .
  • the other radio communication apparatus 500 may be, for example, an access point of a wireless LAN or a communication terminal such as a computer or a smartphone. Further, the other radio communication apparatus 500 may be connected to an external terminal (not shown) used by an administrator of the radio communication apparatus 3 .
  • the second radio communication unit 20 is connected to the other predetermined radio communication apparatus 500 . Further, the second radio communication unit 20 repeatedly performs radio communication with the other predetermined radio communication apparatus 500 .
  • the second radio communication unit 20 actively performs radio communication, it is possible to give the impression that the second radio communication unit 20 is an important access point to an unauthorized user who tries to obtain unauthorized access. Accordingly, it is possible to facilitate guiding an unauthorized user to make unauthorized access to the second radio communication unit 20 .
  • the first and the second radio communication units 10 and 20 may be stored in housings different from each other. In such a configuration, it is possible to separately manage the housing including the first radio communication unit 10 and the housing including the second radio communication unit 20 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An object of the present invention is to provide a radio communication apparatus, a wireless LAN router, an unauthorized access prevention method, and a radio communication system that have security for protection against unauthorized access. A radio communication apparatus (1) according to the present invention includes: first radio communication means (10) for functioning as an access point for radio communication; second radio communication means (20) for functioning as an access point for radio communication; and storage means (21) for storing dummy information. The first radio communication means (10) has a security level higher than that of the second radio communication means (20), and the second radio communication means (20) is capable of transmitting the dummy information stored in the storage means (21).

Description

This application is a National Stage Entry of PCT/JP2018/007302 filed on Feb. 27, 2018, the contents of all of which are incorporated herein by reference, in their entirety.
TECHNICAL FIELD
The present invention relates to a radio communication apparatus, a wireless LAN router, an unauthorized access prevention method, and a radio communication system.
BACKGROUND ART
Security technologies for preventing unauthorized access in radio communication such as a wireless Local Area Network (LAN) are known. For example, Patent Literature 1 discloses a configuration in which a firewall device transfers a packet to a decoy device based on a distribution condition. Patent Literature 2 discloses a configuration in which communication information of an authorized access point is concealed by providing a plurality of access points each of which repeatedly transmits false communication information destined for itself in addition to the authorized access point.
CITATION LIST Patent Literature
Patent Literature 1: Japanese Patent No. 3794491
Patent Literature 2: Japanese Patent No. 5708183
SUMMARY OF INVENTION Technical Problem
In recent years, as security technologies have improved, methods for obtaining unauthorized access have become more sophisticated. This leads to a problem that the security described above may be broken. Therefore, there is a demand to further enhance the security for protecting communication information from unauthorized access in a radio communication apparatus.
The present disclosure has been made in view of the aforementioned problem and an example object thereof is to provide a radio communication apparatus, a wireless LAN router, an unauthorized access prevention method, and a radio communication system that have security for protection against unauthorized access.
Solution to Problem
A radio communication apparatus according to an example aspect of the invention includes: first radio communication means for functioning as an access point for radio communication; second radio communication means for functioning as an access point for radio communication; and storage means for storing dummy information, in which the first radio communication means has a security level higher than that of the second radio communication means, and the second radio communication means is capable of transmitting the dummy information stored in the storage means.
A wireless LAN router according to an example aspect of the invention includes: first radio communication means for functioning as an access point for radio communication; second radio communication means for functioning as an access point for radio communication; and storage means for storing dummy information, in which the first radio communication means has a security level higher than that of the second radio communication means, and the second radio communication means includes a radio communication apparatus capable of transmitting the dummy information stored in the storage means.
An unauthorized access prevention method according to an example aspect of the invention is an unauthorized access prevention method for executing control for preventing unauthorized access to a first radio access point, the unauthorized access prevention method including: detecting a connection from an external terminal to a second radio access point that is set to a security level lower than that of the first radio access point; and transmitting dummy information to the external terminal when the connection from the external terminal to the second radio access point is detected.
A radio communication system according to an example aspect of the invention includes a first radio communication apparatus, and a second radio communication apparatus configured to prevent unauthorized access to the first radio communication apparatus, in which each of the first and the second radio communication apparatuses has a function as an access point for radio communication, the first radio communication apparatus has a higher security level than that of the second radio communication apparatus, and the second radio communication apparatus is capable of transmitting dummy information.
Advantageous Effects of Invention
According to the present disclosure, it is possible to provide a radio communication apparatus, a wireless LAN router, a radio communication method, and a radio communication system that have security for protection against unauthorized access.
BRIEF DESCRIPTION OF DRAWINGS
FIG. 1 is a block diagram showing a radio communication apparatus according to a first example embodiment;
FIG. 2 is a block diagram showing a radio communication apparatus according to a second example embodiment;
FIG. 3 is a sequence diagram showing an operation flow of the radio communication apparatus according to the second example embodiment;
FIG. 4 is a sequence diagram showing an operation flow of a radio communication apparatus according to a third example embodiment; and
FIG. 5 is a block diagram showing a radio communication apparatus according to a fourth example embodiment.
 DESCRIPTION OF EMBODIMENTS
Specific example embodiments will be described hereinafter in detail with reference to the drawings. The same or corresponding elements are denoted by the same symbols throughout the drawings, and repeated descriptions are omitted as necessary for the sake of clarity.
Each of the example embodiments described below can be used individually, or two or more of the example embodiments may be appropriately combined with one another. These example embodiments include novel features different from one another. Accordingly, these example embodiments contribute to attaining objects or solving problems different from one another, and thus contribute to providing advantages different from one another.
First Example Embodiment
First, a first example embodiment of the present invention is described with reference to FIG. 1. FIG. 1 is a block diagram showing a radio communication apparatus 1 according to the first example embodiment. As shown in FIG. 1, the radio communication apparatus 1 includes a first radio communication unit 10, a second radio communication unit 20, and a storage unit 21.
The first radio communication unit 10 is first radio communication means for functioning as an access point for radio communication. The second radio communication unit 20 is second radio communication means for functioning as an access point for radio communication. The first radio communication unit 10 has a higher security level than that of the second radio communication unit 20.
The storage unit 21 is storage means for storing dummy information. The second radio communication unit 20 is connected to the storage unit 21 and can transmit the dummy information stored in the storage unit 21. Note that the dummy information is data that is not confidential or informative and that may be acquired by a third party through unauthorized access.
Here, a description is given of a case in which an external terminal that is not allowed to access the radio communication apparatus 1 attempts unauthorized access to the radio communication apparatus 1.
First, the external terminal attempting unauthorized access attempts to connect to either of the first and the second radio communication units 10 and 20. At this time, as the first radio communication unit 10 has a higher security level than that of the second radio communication unit 20, the external terminal attempting unauthorized access cannot easily connect to the first radio communication unit 10. On the other hand, the external terminal attempting unauthorized access can relatively easily connect to the second radio communication unit 20 of which the security level is relatively lower than that of the first radio communication unit 10. Accordingly, in the above-described configuration, it is possible to guide the external terminal attempting unauthorized access to connect to the second radio communication unit 20. That is, it is possible to prevent unauthorized access to the first radio communication unit 10.
Further, as the second radio communication unit 20 can transmit dummy information stored in the storage unit 21, the external terminal connected to the second radio communication unit 20 can acquire the dummy information. However, as described above, the dummy information is data which may be acquired by a third party, so that the unauthorized access causes no damage.
As described above, the radio communication apparatus 1 has security for protecting communication information from unauthorized access.
Second Example Embodiment
Next, a second example embodiment of the present invention is described with reference to FIGS. 2 and 3. FIG. 2 is a block diagram showing a radio communication apparatus 2 according to this example embodiment. As shown in FIG. 2, the radio communication apparatus 2 includes the first radio communication unit 10, the second radio communication unit 20, a dummy server 25, a router 30, and a warning unit 40. The dummy server 25 includes the storage unit 21 and a detection unit 22. The radio communication apparatus 2 is, for example, a wireless LAN router.
A first external terminal 100 shown in FIG. 2 is an external terminal that is allowed to access the radio communication apparatus 2. A second external terminal 200 is an external terminal that is not allowed to access the radio communication apparatus 2. A third external terminal 300 is an external terminal used by an administrator of the radio communication apparatus 2. The third external terminal 300 is connected by a wire to the radio communication apparatus 2. The third external terminal 300 has authority to instruct the radio communication apparatus 2 to perform operations such as a shutdown.
Note that the first, the second, the third external terminals 100, 200, and 300 are communication terminals such as computers and smartphones. Further, the third external terminal 300 may be wirelessly connected to the radio communication apparatus 2.
Further, a server 400 stores information to be protected from unauthorized access. The server 400 is a storage device including, for example, a nonvolatile memory. The server 400 is connected by a wire to the radio communication apparatus 2. The first external terminal 100 can acquire information stored in the server 400 via the first radio communication unit 10.
Note that the server 400 may be wirelessly connected to the radio communication apparatus 2.
Each of the first and the second radio communication units 10 and 20 can be used as, for example, an access point of a wireless LAN conforming to the IEEE 802.11 standard. The first and the second radio communication units 10 and 20 include Service Set IDentifiers (SSIDs) different from each other. Note that the second radio communication unit 20 may include a plurality of SSIDs.
The first radio communication unit 10 has a higher security level than that of the second radio communication unit 20. For example, the first radio communication unit 10 can be configured to have the security standard of Wi-Fi Protected Access 2 (WPA2), and the second radio communication unit 20 can be configured to have the security standard of WPA or Wired Equivalent Privacy (WEP). The first radio communication unit 10 performs authentication using an SSID and a password and is connected to the first external terminal 100.
The dummy server 25 is a server including the storage unit 21 and the detection unit 22. The dummy server 25 is connected to the second radio communication unit 20, the router 30, and the warning unit 40. That is, the storage unit 21 and the detection unit 22 housed in the dummy server 25 are configured so that they can connect to the second radio communication unit 20, the router 30, and the warning unit 40.
The storage unit 21 is storage means for storing dummy information. Note that the dummy information refers to data that is not confidential or informative and that may be acquired by a third party through an unauthorized access attack. For example, the dummy information can be false information having a format similar to that of information to be protected in the server 400, such as random personal information or fictitious experimental data. The dummy information may be data stored in the storage unit 21 in advance or data acquired from the third external terminal 300 or other networks.
The detection unit 22 is detection means for detecting a connection from an external terminal to the second radio communication unit 20. The detection unit 22 outputs a detection signal when it detects the connection from the external terminal to the second radio communication unit 20.
The router 30 is a router that performs relaying among the first radio communication unit 10, the dummy server 25, the third external terminal 300, and the server 400. The router 30 may be further connected to an external communication apparatus or a network other than the third external terminal 300 and the server 400.
The warning unit 40 is warning means for outputting a warning signal when a detection signal is acquired. The warning signal is output to warning output means (not shown) included in the radio communication apparatus 2 or an external device (not shown) outside the radio communication apparatus 2. The above warning output means and external device output warnings in the form of, for example, light and sound.
Here, a description is given of a case in which the second external terminal 200 that is not allowed to access the radio communication apparatus 2 attempts unauthorized access to the radio communication apparatus 1.
First, the second external terminal 200 tries to connect to either of the first and the second radio communication units 10 and 20 in order to obtain information stored in the server 400. Specifically, the second external terminal 200 acquires the SSID of each of the first and the second radio communication units 10 and 20, selects one of the SSIDs, and attempts to perform the connection. At this time, as the first radio communication unit 10 has a higher security level than that of the second radio communication unit 20, the second external terminal 200 cannot easily connect to the first radio communication unit 10. On the other hand, the second external terminal 200 can relatively easily connect to the second radio communication unit 20 of which the security level is relatively lower than that of the first radio communication unit 10. Accordingly, in above-described configuration, it is possible to guide the second external terminal 200 to connect to the second radio communication unit 20. That is, it is possible to prevent unauthorized access to information stored in the server 400.
Further, when the second radio communication unit 20 has a plurality of SSIDs, the second external terminal 200 can acquire the plurality of SSIDs possessed by the second radio communication unit 20. That is, a plurality of connection destinations other than the first radio communication unit 10 can be presented to the second external terminal 200. Accordingly, it is possible to lower the probability that the second external terminal 200 selects the first radio communication unit 10 as a connection destination.
An example of processing for preventing unauthorized access performed by the radio communication apparatus 2 is described below with reference to FIG. 3. FIG. 3 is a sequence diagram showing an operation flow of the radio communication apparatus 2.
First, in Step S101, the detection unit 22 monitors an access log of the second radio communication unit 20 and determines whether an external terminal is connected to the second radio communication unit 20.
In Step S102, it is assumed that the second external terminal 200 is connected to the second radio communication unit 20. In this case, in Step S103, the detection unit 22 detects that the second external terminal 200 is connected to the second radio communication unit 20. Then, in Step S104, the detection unit 22 outputs detection signals to the first and the second radio communication units 10 and 20, the warning unit 40, and the third external terminal 300.
After that, in Step S105, when the second radio communication unit 20 acquires the detection signal, it transmits dummy information to the second external terminal 200. At this time, the second external terminal 200 acquires the dummy information from the second radio communication unit 20. As it is difficult for the second external terminal 200 to instantaneously determine whether the dummy information is false information, it is possible to let the second external terminal 200 continue to connect to the second radio communication unit 20. That is, it is possible to prevent the second external terminal 200 from switching the connection destination to the first radio communication unit 10. Accordingly, an administrator of the radio communication apparatus 2 can take security measures against the unauthorized access from the second external terminal 200 by using the period until the second external terminal 200 notices that the dummy information is false information.
Further, in Step S106, the first radio communication unit 10 restricts a connection from the second external terminal 200, which is connected to the second radio communication unit 20, to the first radio communication unit 10. Specifically, the first radio communication unit 10 prohibits connections from all the external terminals other than the first external terminal 100 and the third external terminal 300. By doing so, it is possible to prevent unauthorized access from the second external terminal 200 to the information stored in the server 400.
Further, in Step S107, the warning unit 40 outputs a warning signal when it acquires the detection signal. In response to the warning signal, the radio communication apparatus 2 or an external device (not shown) outputs a warning in such a manner that it can be recognized by a user. By such a configuration, a user of the radio communication apparatus 2 can learn that there has been a connection from the external terminal to the second radio communication unit 20.
Further, after Step S104, an administrator of the radio communication apparatus 2 can recognize that there has been a connection from the external terminal to the second radio communication unit 20 by the detection signal acquired by the third external terminal 300. Accordingly, in Step S108, an administrator of the radio communication apparatus 2 can take security measures such as a shutdown of the radio communication apparatus 2.
Note that Steps S105 to S108 may be performed in any order or may be performed simultaneously.
Further, in Step S106, the first radio communication unit 10 may prohibit connections from all the external terminals other than the third external terminal 300. That is, the first radio communication unit 10 may prohibit the connection from the first external terminal 100. By doing so, it is possible to prevent an unauthorized user from making unauthorized access by using the first external terminal 100 for an evil purpose.
Third Example Embodiment
Next, a third example embodiment of the present invention is described.
The configuration of the radio communication apparatus in this example embodiment is the same as that in the second example embodiment (see FIG. 2). However, this example embodiment differs from the second embodiment in that the detection unit 22 according to this example embodiment has a function of detecting identification information of an external terminal connected to the second radio communication unit 20. The identification information is information such as a Media Access Control (MAC) address and an Internet Protocol (IP) address by which communication terminals can be identified.
An example of processing for preventing unauthorized access performed by the radio communication apparatus according to this example embodiment is described below with reference to FIG. 4. FIG. 4 is a sequence diagram showing an operation flow of the radio communication apparatus according to this example embodiment.
As shown in FIG. 4, the operation flow of the radio communication apparatus according to this example embodiment includes Steps S203 to S208 after Step S104. Note that in FIG. 4, Steps S101 to S103 are omitted.
In Step S203 after Step S104, the detection unit 22 according to this example embodiment analyzes the access log of the second radio communication unit 20 and detects identification information of the second external terminal 200 connected to the second radio communication unit 20.
Then, in Step S204, the detection unit 22 outputs a detection signal including the identification information of the second external terminal 200 to the first and the second radio communication units 10 and 20 and the third external terminal 300.
After that, in Step S205, the second radio communication unit 20 restricts a connection from the external terminal having the identification information included in the acquired detection signal to the second radio communication unit 20. For example, the second radio communication unit 20 prohibits a connection from the external terminal corresponding to the acquired identification information. By doing so, it is possible to prevent damage from an unauthorized access attack to the second radio communication unit 20.
Further, in Step S206, the first radio communication unit 10 restricts a connection from the external terminal having the identification information included in the acquired detection signal to the first radio communication unit 10. For example, the first radio communication unit 10 prohibits a connection from the external terminal corresponding to the acquired identification information. By doing so, it is possible to prevent unauthorized access from the second external terminal 200 to the first radio communication unit 10.
Note that in Step S206, when the first radio communication unit 10 determines that the identification information included in the acquired detection signal is identification information of the terminal of an authorized user, the first radio communication unit 10 may allow the terminal of the authorized user to connect to the first radio communication unit 10. For example, the first radio communication unit 10 may determine whether the acquired identification information is identification information of the terminal of an authorized user by checking it against a predetermined authorization list. In this case, it is possible to prevent a connection from an authorized user to the first radio communication unit 10 from being wrongly restricted.
Further, after Step S204, an administrator of the radio communication apparatus 2 can recognize the identification information of the terminal connected to the second radio communication unit 20 by the detection signal acquired by the third external terminal 300. Accordingly, in Step S208, the administrator of the radio communication apparatus 2 can take measures such as reporting of the second external terminal 200 based on the identification information.
Note that in this example embodiment, Steps S106 and S108 may be omitted.
Further, Steps S205 to S208 may be performed in any order or may be performed simultaneously.
Fourth Example Embodiment
Next, a fourth example embodiment of the present invention is described with reference to FIG. 5. FIG. 5 is a block diagram showing a radio communication apparatus 3 according to the fourth example embodiment. As shown in FIG. 5, the radio communication apparatus 3 includes the first radio communication unit 10, the second radio communication unit 20, and the storage unit 21.
Further, another radio communication apparatus 500 shown in FIG. 5 is a radio communication apparatus different from the radio communication apparatus 3. The other radio communication apparatus 500 may be, for example, an access point of a wireless LAN or a communication terminal such as a computer or a smartphone. Further, the other radio communication apparatus 500 may be connected to an external terminal (not shown) used by an administrator of the radio communication apparatus 3.
In this example embodiment, the second radio communication unit 20 is connected to the other predetermined radio communication apparatus 500. Further, the second radio communication unit 20 repeatedly performs radio communication with the other predetermined radio communication apparatus 500.
In the above-described configuration, as the second radio communication unit 20 actively performs radio communication, it is possible to give the impression that the second radio communication unit 20 is an important access point to an unauthorized user who tries to obtain unauthorized access. Accordingly, it is possible to facilitate guiding an unauthorized user to make unauthorized access to the second radio communication unit 20.
Note that the present invention is not limited to the aforementioned example embodiments and various modifications can be made without departing from the spirit of the present invention.
For example, the first and the second radio communication units 10 and 20 may be stored in housings different from each other. In such a configuration, it is possible to separately manage the housing including the first radio communication unit 10 and the housing including the second radio communication unit 20.
REFERENCE SIGNS LIST
  • 1-3 RADIO COMMUNICATION APPARATUS
  • 10 FIRST RADIO COMMUNICATION UNIT
  • 20 SECOND RADIO COMMUNICATION UNIT
  • 21 STORAGE UNIT
  • 22 DETECTION UNIT
  • 25 DUMMY SERVER
  • 30 ROUTER
  • 40 WARNING UNIT
  • 100 FIRST EXTERNAL TERMINAL
  • 200 SECOND EXTERNAL TERMINAL
  • 300 THIRD EXTERNAL TERMINAL
  • 400 SERVER
  • 500 ANOTHER RADIO COMMUNICATION APPARATUS

Claims (9)

What is claimed is:
1. A radio communication apparatus comprising:
a first radio communicator configured to function as a first access point for radio communication;
a second radio communicator configured to function as a second access point for radio communication;
a detector configured to output a detection signal to at least the first radio communicator and the second radio communicator upon detecting a second connection from an external terminal to the second radio communicator; and
a storage configured to store dummy information, wherein
the first radio communicator has a first security standard that has a higher security level than a second security standard of the second radio communicator,
upon acquiring the detection signal, the second radio communicator transmits the dummy information to the external terminal, and
upon acquiring the detection signal, the first radio communicator prevents a first connection to the first radio communicator from the external terminal that is connected to the second radio communicator.
2. The radio communication apparatus according to claim 1, wherein the detector acquires identification information of the external terminal connected to the second radio communicator.
3. The radio communication apparatus according to claim 2, wherein the detection signal includes the identification information of the external terminal connected to the second radio communicator.
4. The radio communication apparatus according to claim 1, wherein the radio communication apparatus is configured to output a warning signal when the detection signal is acquired.
5. The radio communication apparatus according to claim 1, wherein the second radio communicator has a plurality of Service Set IDentifiers (SSIDs).
6. The radio communication apparatus according to claim 1, wherein the second radio communicator repeatedly performs radio communication with another predetermined radio communication apparatus.
7. A wireless LAN router comprising the radio communication apparatus according to claim 1.
8. An unauthorized access prevention method for executing control for preventing unauthorized access to a first radio access point, the unauthorized access prevention method comprising:
detecting a second connection from an external terminal to a second radio access point that has a second security standard that has a lower security level than a first security standard of the first radio access point;
transmitting dummy information to the external terminal when the second connection from the external terminal to the second radio access point is detected; and
prevents a first connection to the first radio access point from the external terminal that is connected to the second radio access point upon the detecting the connection.
9. A radio communication system comprising a first radio communicator, a second radio communicator, and a detection apparatus configured to prevent unauthorized access to the first radio communicator, wherein
each of the first and the second radio communicators is configured to function as an access point for radio communication,
the first radio communicator has a first security standard that has a higher security level than a second security standard of the second radio communicator, the detection apparatus is configured to output a detection signal upon detecting a second connection from the external terminal to the second radio communicator,
upon acquiring the detection signal, the second radio communicator transmits the dummy information to the external terminal, and
upon acquiring the detection signal, the first radio communicator prevents a first connection to the first radio communicator from the external terminal that is connected to the second radio communicator.
US16/971,428 2018-02-27 2018-02-27 Radio communication apparatus, wireless LAN router, unauthorized access prevention method, and radio communication system Active US11496901B2 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/007302 WO2019167132A1 (en) 2018-02-27 2018-02-27 Wireless communication device, wireless lan router, unauthorized access prevention method and wireless communication system

Publications (2)

Publication Number Publication Date
US20200389794A1 US20200389794A1 (en) 2020-12-10
US11496901B2 true US11496901B2 (en) 2022-11-08

Family

ID=67806160

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/971,428 Active US11496901B2 (en) 2018-02-27 2018-02-27 Radio communication apparatus, wireless LAN router, unauthorized access prevention method, and radio communication system

Country Status (3)

Country Link
US (1) US11496901B2 (en)
JP (1) JP7127885B2 (en)
WO (1) WO2019167132A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7307648B2 (en) * 2019-09-30 2023-07-12 株式会社日本総合研究所 System, decoy PC, control device, method and program for reverse phishing against phishing mail
JP7473972B2 (en) 2021-07-19 2024-04-24 サイレックス・テクノロジー株式会社 Access point, communication system, and communication method

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040172557A1 (en) 2002-08-20 2004-09-02 Masayuki Nakae Attack defending system and attack defending method
JP2007174287A (en) 2005-12-22 2007-07-05 Nec Corp Radio packet communication system, radio packet base station, radio packet terminal and illegal communication canceling method
JP2009065538A (en) 2007-09-07 2009-03-26 Optim Corp Network connecting method, and network device
WO2010038726A1 (en) 2008-09-30 2010-04-08 日本電気株式会社 Information report system, information report method, communication terminal, and program
JP2012222761A (en) 2011-04-14 2012-11-12 Fujitsu Semiconductor Ltd Radio communication equipment and radio communication method
US20140031078A1 (en) 2012-07-27 2014-01-30 Brother Kogyo Kabushiki Kaisha Communication Device
WO2016136648A1 (en) 2015-02-25 2016-09-01 京セラ株式会社 Network device
US20180249517A1 (en) * 2017-02-27 2018-08-30 Samsung Electronics Co., Ltd Method and apparatus for managing wireless router and device connected thereto
US20180332471A1 (en) * 2016-05-05 2018-11-15 Tencent Technology (Shenzhen) Company Limited Wireless network connection method, wireless access point, server, and system

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3794491B2 (en) 2002-08-20 2006-07-05 日本電気株式会社 Attack defense system and attack defense method
US20040172557A1 (en) 2002-08-20 2004-09-02 Masayuki Nakae Attack defending system and attack defending method
JP2007174287A (en) 2005-12-22 2007-07-05 Nec Corp Radio packet communication system, radio packet base station, radio packet terminal and illegal communication canceling method
JP2009065538A (en) 2007-09-07 2009-03-26 Optim Corp Network connecting method, and network device
WO2010038726A1 (en) 2008-09-30 2010-04-08 日本電気株式会社 Information report system, information report method, communication terminal, and program
JP5708183B2 (en) 2011-04-14 2015-04-30 富士通セミコンダクター株式会社 Wireless communication apparatus and wireless communication method
JP2012222761A (en) 2011-04-14 2012-11-12 Fujitsu Semiconductor Ltd Radio communication equipment and radio communication method
US20140031078A1 (en) 2012-07-27 2014-01-30 Brother Kogyo Kabushiki Kaisha Communication Device
JP2014027538A (en) 2012-07-27 2014-02-06 Brother Ind Ltd Communication device
WO2016136648A1 (en) 2015-02-25 2016-09-01 京セラ株式会社 Network device
US20180034814A1 (en) 2015-02-25 2018-02-01 Kyocera Corporation Network apparatus
US20180332471A1 (en) * 2016-05-05 2018-11-15 Tencent Technology (Shenzhen) Company Limited Wireless network connection method, wireless access point, server, and system
US20180249517A1 (en) * 2017-02-27 2018-08-30 Samsung Electronics Co., Ltd Method and apparatus for managing wireless router and device connected thereto

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
International Search Report for PCT Application No. PCT/JP2018/007302, dated May 22, 2018.
Japanese Office Action for JP Application No. 2020-503133 dated Aug. 17, 2021 with English Translation.
Japanese Office Communication for JP Application No. 2020-503133 dated Feb. 15, 2022 with English Translation.

Also Published As

Publication number Publication date
JPWO2019167132A1 (en) 2021-01-07
US20200389794A1 (en) 2020-12-10
JP7127885B2 (en) 2022-08-30
WO2019167132A1 (en) 2019-09-06

Similar Documents

Publication Publication Date Title
Lee et al. Internet of things security-multilayered method for end to end data communications over cellular networks
US10691788B2 (en) Systems and methods for provisioning a camera with a dynamic QR code and a BLE connection
US20150271194A1 (en) Fake Base Station Detection with Core Network Support
US9674219B2 (en) Authenticating public land mobile networks to mobile stations
CN101621800B (en) Method for exchanging authentication information between wireless terminal and wireless router
CN109618344B (en) Safe connection method and device of wireless monitoring equipment
US20130007848A1 (en) Monitoring of smart mobile devices in the wireless access networks
CN107529160B (en) VoWiFi network access method and system, terminal and wireless access point equipment
EP2779723B1 (en) Method and related device for accessing access point
JP2007531398A (en) Wireless LAN intrusion detection method based on protocol anomaly analysis
US9009792B1 (en) Method and apparatus for automatically configuring a secure wireless connection
US9439131B2 (en) Detecting and disabling rogue access points in a network
CN104580152A (en) Protection method and system against wifi (wireless fidelity) phishing
KR20170062301A (en) Method and apparatus for preventing connection in wireless intrusion prevention system
CN105451230A (en) Internet-of-things device configuration method and Internet-of-things device configuration system
US20140282905A1 (en) System and method for the automated containment of an unauthorized access point in a computing network
CN103327484A (en) Method for clearing illegal AP in wireless local area network
US20150082429A1 (en) Protecting wireless network from rogue access points
US20170134416A1 (en) Security techniques on inter-terminal communications within the same ssid under the same ap using openflow
US11496901B2 (en) Radio communication apparatus, wireless LAN router, unauthorized access prevention method, and radio communication system
US20070109982A1 (en) Method and system for managing ad-hoc connections in a wireless network
US20160164889A1 (en) Rogue access point detection
Huang et al. A whole-process WiFi security perception software system
Kaplanis Detection and prevention of man in the middle attacks in Wi-Fi technology
US8122243B1 (en) Shielding in wireless networks

Legal Events

Date Code Title Description
AS Assignment

Owner name: NEC PLATFORMS LTD.,, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NISHIKAWA, HIROSHI;REEL/FRAME:053551/0622

Effective date: 20200707

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE